467,911 Members | 1,531 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 467,911 developers. It's quick & easy.

Prevent loading of php pages

I have a website consisting of php segments.

Example
page1.html calls in code from seg1.php and seg2.php

If the user goes directly to www.mydomain.com/seg1.php they see everything
visible to a browser on that page.

Can I prevent users from loading individual php segments. The only time that
seg1.php should be visible is in its original context on page1.html

Garry Jones
Sweden

Apr 26 '06 #1
  • viewed: 3308
Share:
7 Replies
On Wed, 26 Apr 2006 23:53:13 +0200, "Garry Jones"
<ga*********@morack.se> wrote:
I have a website consisting of php segments.

Example
page1.html calls in code from seg1.php and seg2.php

If the user goes directly to www.mydomain.com/seg1.php they see everything
visible to a browser on that page.

Can I prevent users from loading individual php segments. The only time that
seg1.php should be visible is in its original context on page1.html


Would anyone ever guess that files by that name existed?
Call them seg1_56rt568.php and seg2_56rt569.php

--
Regards, Paul Herber, Sandrila Ltd. http://www.pherber.com/
Electronics for Visio http://www.electronics.sandrila.co.uk/
Apr 26 '06 #2
Something like this at the top of the include file would work:

count(get_included_files()) > 1 or die();

But really, including files in lieu of calling functions is kind of
lame.

Apr 26 '06 #3
>I have a website consisting of php segments.

Example
page1.html calls in code from seg1.php and seg2.php

If the user goes directly to www.mydomain.com/seg1.php they see everything
visible to a browser on that page.

Can I prevent users from loading individual php segments. The only time
that seg1.php should be visible is in its original context on page1.html


The way Joomla and Mambo handle this is as follows:

In page1.php (surely you meant .php, not .html?) you do this right at the
top:

define( 'MAIN_PAGE_LOADED', TRUE );

Then, in "seg1" and "seg2" you do this, again right at the top:

defined( 'MAIN_PAGE_LOADED' ) or die ( 'This page is restricted' );

So, you prevent 'seg1' and 'seg2' from being directly loaded by the user.
They can only be used as include files in 'page1'.

Seems like a simple and effective solution.

-Dana

Apr 27 '06 #4
Garry Jones wrote:
I have a website consisting of php segments.

Example
page1.html calls in code from seg1.php and seg2.php

If the user goes directly to www.mydomain.com/seg1.php they see everything
visible to a browser on that page.

Can I prevent users from loading individual php segments. The only time that
seg1.php should be visible is in its original context on page1.html

Garry Jones
Sweden


Simply put them outside of your DOCUMENT_ROOT where they can't be accessed
directly by a browser.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 27 '06 #5
"Jerry Stuckle" <js*******@attglobal.net> skrev i meddelandet
news:eI********************@comcast.com...
Simply put them outside of your DOCUMENT_ROOT where they can't be accessed
directly by a browser.


How do I do that?

(Excuse the newbie follow up question. I searched around in Google but can't
quite grasp this).

Thanks to you and all others who answer my questions here, I am enlightened.

Garry Jones
Sweden

Apr 27 '06 #6
"Dana Cartwright" <da******@weavemaker.com> skrev i meddelandet
news:nR****************@twister.nyroc.rr.com...
defined( 'MAIN_PAGE_LOADED' ) or die ( 'This page is restricted' );


Thanks for your answer.

Instead of 'This page is restricted' can I have a weblink for them to click
or even an auto redirect to the my index page?

Garry Jones
Sweden
Apr 27 '06 #7
Garry Jones wrote:
"Jerry Stuckle" <js*******@attglobal.net> skrev i meddelandet
news:eI********************@comcast.com...

Simply put them outside of your DOCUMENT_ROOT where they can't be accessed
directly by a browser.

How do I do that?

(Excuse the newbie follow up question. I searched around in Google but can't
quite grasp this).

Thanks to you and all others who answer my questions here, I am enlightened.

Garry Jones
Sweden


The document root id the root directory of your website. But it is not the root
directory of your machine. For instance, your document root might be
"/var/www/website1/html".

When you upload them, put them in a directory below the root of your website,
i.e. "/var/www/website1/myfiles". You can then include this page in your
other PHP pages with something like (assuming Apache):

include($_SERVER['DOCUMENT_ROOT'] . '/../myfiles/my.inc.php');

Anyone accessing a page through http protocol can only access those files in
your web root. But PHP accesses the file system directly, so it can access any
file on the system (assuming the appropriate permissions are set).

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 27 '06 #8

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Rob Tweed | last post: by
25 posts views Thread by Dave Turner | last post: by
5 posts views Thread by Manish Jain | last post: by
4 posts views Thread by KJS | last post: by
6 posts views Thread by ImOk | last post: by
3 posts views Thread by Phil | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.